OpenX fc.php MAX_type Parameter Traversal Local File Inclusion

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP script that is susceptible to a
local file include attack.

Description :

The remote host is running OpenX (formerly Openads), an open source ad
serving application written in PHP.

The installed version of OpenX does not validate user-supplied input
to the 'MAX_type' parameter of the 'www/delivery/fc.php' script before
using it in a PHP 'include()' call. Regardless of PHP's
'register_globals' setting, an unauthenticated attacker can exploit
this issue to view arbitrary files or possibly to execute arbitrary
PHP code on the remote host, subject to the privileges of the web
server user id.
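The following PHP is an added illustration of the defect class the description names and is not OpenX code: it contrasts a dispatcher that passes a request parameter straight into include() with one that resolves the parameter against a fixed allow-list first. The 'delivery/' directory, the module names and the 400 response are constructed for the example and do not reflect OpenX's real file layout.

```php
<?php
// Added illustration, not OpenX's own code. Maps a request parameter
// to one of a fixed set of delivery modules.

// Hypothetical allow-list of module names this script may load
// (constructed example values, not OpenX's real module names).
const ALLOWED_TYPES = ['banner', 'popup', 'text'];

/**
 * Vulnerable pattern (simplified, hypothetical): the untrusted value is
 * spliced into the include path, so traversal sequences or an absolute
 * path select any file the web server user can read.
 */
function loadDeliveryModuleUnsafe(string $type): void
{
    include __DIR__ . '/delivery/' . $type . '.php';
}

/**
 * Hardened pattern: accept only an exact match from the allow-list, then
 * build the path from trusted constants. Returns the resolved module path,
 * or null when the value is not permitted or the file is not where expected.
 */
function resolveDeliveryModule(string $type): ?string
{
    // Strict comparison and no normalisation of the attacker-controlled value.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        return null;
    }
    $path = __DIR__ . '/delivery/' . $type . '.php';

    // Defence in depth: the resolved file must exist and sit inside the
    // module directory, even though the allow-list already guarantees it.
    $real = realpath($path);
    $base = realpath(__DIR__ . '/delivery');
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Usage: refuse the request outright when the parameter is absent or not allowed.
$type = (isset($_GET['MAX_type']) && is_string($_GET['MAX_type'])) ? $_GET['MAX_type'] : '';
$module = resolveDeliveryModule($type);
if ($module === null) {
    http_response_code(400);
    exit('invalid delivery type');
}
include $module;
```

The allow-list is the control that matters: because the parameter is never used to form a path until it has been matched exactly against known names, neither register_globals nor any path-normalisation tricks change which files can be loaded. The realpath() containment check only guards against the allow-list itself later being misconfigured.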

Solution :

Upgrade to OpenX version 2.6.4 / 2.4.10 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 35557

Bugtraq ID: 33458

CVE ID: CVE-2009-0291
